1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
78 assert(u->load_state == UNIT_STUB);
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
85 s->max_connections = 64;
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 static void socket_unwatch_control_pid(Socket *s) {
101 if (s->control_pid <= 0)
104 unit_unwatch_pid(UNIT(s), s->control_pid);
108 void socket_free_ports(Socket *s) {
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
116 sd_event_source_unref(p->event_source);
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
129 socket_free_ports(s);
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
135 socket_unwatch_control_pid(s);
137 unit_ref_unset(&s->service);
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
149 strv_free(s->symlinks);
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
157 static int socket_arm_timer(Socket *s) {
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
195 if (UNIT_DEREF(s->service) || !s->accept)
198 prefix = unit_name_to_prefix(UNIT(s)->id);
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
210 unit_ref_set(&s->service, u);
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
215 static bool have_non_accept_socket(Socket *s) {
223 LIST_FOREACH(port, p, s->ports) {
225 if (p->type != SOCKET_SOCKET)
228 if (!socket_address_can_accept(&p->address))
235 static int socket_add_mount_links(Socket *s) {
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 r = unit_require_mounts_for(UNIT(s), path);
260 static int socket_add_device_link(Socket *s) {
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
272 static int socket_add_default_dependencies(Socket *s) {
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
289 _pure_ static bool socket_has_exec(Socket *s) {
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
300 static int socket_add_extras(Socket *s) {
306 if (have_non_accept_socket(s)) {
308 if (!UNIT_DEREF(s->service)) {
311 r = unit_load_related_unit(u, ".service", &x);
315 unit_ref_set(&s->service, x);
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 r = socket_add_mount_links(s);
327 r = socket_add_device_link(s);
331 r = unit_patch_contexts(u);
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
340 r = unit_add_default_slice(u, &s->cgroup_context);
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
387 static int socket_verify(Socket *s) {
390 if (UNIT(s)->load_state != UNIT_LOADED)
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
432 assert(u->load_state == UNIT_STUB);
434 r = unit_load_fragment_and_dropin(u);
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
445 return socket_verify(s);
448 _const_ static const char* listen_lookup(int family, int type) {
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
460 assert_not_reached("Unknown socket type");
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
467 Socket *s = SOCKET(u);
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
478 "%sSocket State: %s\n"
480 "%sBindIPv6Only: %s\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
487 "%sTransparent: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n",
493 prefix, socket_state_to_string(s->state),
494 prefix, socket_result_to_string(s->result),
495 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
497 prefix, s->socket_mode,
498 prefix, s->directory_mode,
499 prefix, yes_no(s->keep_alive),
500 prefix, yes_no(s->no_delay),
501 prefix, yes_no(s->free_bind),
502 prefix, yes_no(s->transparent),
503 prefix, yes_no(s->broadcast),
504 prefix, yes_no(s->pass_cred),
505 prefix, yes_no(s->pass_sec),
506 prefix, strna(s->tcp_congestion),
507 prefix, yes_no(s->remove_on_stop));
509 if (s->control_pid > 0)
511 "%sControl PID: "PID_FMT"\n",
512 prefix, s->control_pid);
514 if (s->bind_to_device)
516 "%sBindToDevice: %s\n",
517 prefix, s->bind_to_device);
522 "%sNConnections: %u\n"
523 "%sMaxConnections: %u\n",
524 prefix, s->n_accepted,
525 prefix, s->n_connections,
526 prefix, s->max_connections);
528 if (s->priority >= 0)
531 prefix, s->priority);
533 if (s->receive_buffer > 0)
535 "%sReceiveBuffer: %zu\n",
536 prefix, s->receive_buffer);
538 if (s->send_buffer > 0)
540 "%sSendBuffer: %zu\n",
541 prefix, s->send_buffer);
553 if (s->pipe_size > 0)
556 prefix, s->pipe_size);
563 if (s->mq_maxmsg > 0)
565 "%sMessageQueueMaxMessages: %li\n",
566 prefix, s->mq_maxmsg);
568 if (s->mq_msgsize > 0)
570 "%sMessageQueueMessageSize: %li\n",
571 prefix, s->mq_msgsize);
576 prefix, yes_no(s->reuse_port));
580 "%sSmackLabel: %s\n",
585 "%sSmackLabelIPIn: %s\n",
586 prefix, s->smack_ip_in);
590 "%sSmackLabelIPOut: %s\n",
591 prefix, s->smack_ip_out);
593 if (!isempty(s->user) || !isempty(s->group))
596 "%sOwnerGroup: %s\n",
597 prefix, strna(s->user),
598 prefix, strna(s->group));
600 if (s->keep_alive_time > 0)
602 "%sKeepAliveTimeSec: %s\n",
603 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
605 if (s->keep_alive_interval)
607 "%sKeepAliveIntervalSec: %s\n",
608 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
610 if (s->keep_alive_cnt)
612 "%sKeepAliveProbes: %u\n",
613 prefix, s->keep_alive_cnt);
617 "%sDeferAcceptSec: %s\n",
618 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
620 LIST_FOREACH(port, p, s->ports) {
622 if (p->type == SOCKET_SOCKET) {
627 if ((r = socket_address_print(&p->address, &k)) < 0)
632 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
634 } else if (p->type == SOCKET_SPECIAL)
635 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
636 else if (p->type == SOCKET_MQUEUE)
637 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
639 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 exec_context_dump(&s->exec_context, f, prefix);
643 kill_context_dump(&s->kill_context, f, prefix);
645 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
646 if (!s->exec_command[c])
649 fprintf(f, "%s-> %s:\n",
650 prefix, socket_exec_command_to_string(c));
652 exec_command_dump_list(s->exec_command[c], f, prefix2);
656 static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 union sockaddr_union local, remote;
665 if (getsockname(fd, &local.sa, &l) < 0)
669 if (getpeername(fd, &remote.sa, &l) < 0)
672 switch (local.sa.sa_family) {
676 a = ntohl(local.in.sin_addr.s_addr),
677 b = ntohl(remote.in.sin_addr.s_addr);
680 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
682 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
683 ntohs(local.in.sin_port),
684 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
685 ntohs(remote.in.sin_port)) < 0)
692 static const unsigned char ipv4_prefix[] = {
693 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
697 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
699 *a = local.in6.sin6_addr.s6_addr+12,
700 *b = remote.in6.sin6_addr.s6_addr+12;
703 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
705 a[0], a[1], a[2], a[3],
706 ntohs(local.in6.sin6_port),
707 b[0], b[1], b[2], b[3],
708 ntohs(remote.in6.sin6_port)) < 0)
711 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
716 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
717 ntohs(local.in6.sin6_port),
718 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
719 ntohs(remote.in6.sin6_port)) < 0)
730 k = getpeercred(fd, &ucred);
733 "%u-"PID_FMT"-"UID_FMT,
734 nr, ucred.pid, ucred.uid) < 0)
736 } else if (k == -ENODATA) {
737 /* This handles the case where somebody is
738 * connecting from another pid/uid namespace
739 * (e.g. from outside of our container). */
751 assert_not_reached("Unhandled socket type.");
758 static void socket_close_fds(Socket *s) {
764 LIST_FOREACH(port, p, s->ports) {
766 p->event_source = sd_event_source_unref(p->event_source);
771 p->fd = safe_close(p->fd);
773 /* One little note: we should normally not delete any
774 * sockets in the file system here! After all some
775 * other process we spawned might still have a
776 * reference of this fd and wants to continue to use
777 * it. Therefore we delete sockets in the file system
778 * before we create a new one, not after we stopped
781 if (s->remove_on_stop) {
793 socket_address_unlink(&p->address);
802 if (s->remove_on_stop)
803 STRV_FOREACH(i, s->symlinks)
807 static void socket_apply_socket_options(Socket *s, int fd) {
812 int b = s->keep_alive;
813 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
814 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
817 if (s->keep_alive_time) {
818 int value = s->keep_alive_time / USEC_PER_SEC;
819 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
820 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
823 if (s->keep_alive_interval) {
824 int value = s->keep_alive_interval / USEC_PER_SEC;
825 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
826 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
829 if (s->keep_alive_cnt) {
830 int value = s->keep_alive_cnt;
831 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
832 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
835 if (s->defer_accept) {
836 int value = s->defer_accept / USEC_PER_SEC;
837 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
838 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
843 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
844 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
849 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
850 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
855 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
856 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
861 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
862 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
865 if (s->priority >= 0)
866 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
867 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
869 if (s->receive_buffer > 0) {
870 int value = (int) s->receive_buffer;
872 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
874 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
875 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
876 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
879 if (s->send_buffer > 0) {
880 int value = (int) s->send_buffer;
881 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
882 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
883 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
887 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
888 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
891 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
892 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
894 if (s->ip_ttl >= 0) {
897 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
899 if (socket_ipv6_is_supported())
900 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
903 errno = EAFNOSUPPORT;
907 log_warning_unit(UNIT(s)->id,
908 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
911 if (s->tcp_congestion)
912 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
913 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
916 int b = s->reuse_port;
917 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
918 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
922 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
923 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
926 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
927 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
930 static void socket_apply_fifo_options(Socket *s, int fd) {
934 if (s->pipe_size > 0)
935 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
936 log_warning_unit(UNIT(s)->id,
940 if (smack_label_fd(fd, s->smack) < 0)
941 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
944 static int fifo_address_create(
946 mode_t directory_mode,
957 mkdir_parents_label(path, directory_mode);
959 r = label_context_set(path, S_IFIFO);
963 /* Enforce the right access mode for the fifo */
964 old_mask = umask(~ socket_mode);
966 /* Include the original umask in our mask */
967 umask(~socket_mode | old_mask);
969 r = mkfifo(path, socket_mode);
972 if (r < 0 && errno != EEXIST) {
977 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
982 label_context_clear();
984 if (fstat(fd, &st) < 0) {
989 if (!S_ISFIFO(st.st_mode) ||
990 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
991 st.st_uid != getuid() ||
992 st.st_gid != getgid()) {
1002 label_context_clear();
1008 static int special_address_create(
1018 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1024 if (fstat(fd, &st) < 0) {
1029 /* Check whether this is a /proc, /sys or /dev file or char device */
1030 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1044 static int mq_address_create(
1054 struct mq_attr _attr, *attr = NULL;
1059 if (maxmsg > 0 && msgsize > 0) {
1061 _attr.mq_flags = O_NONBLOCK;
1062 _attr.mq_maxmsg = maxmsg;
1063 _attr.mq_msgsize = msgsize;
1067 /* Enforce the right access mode for the mq */
1068 old_mask = umask(~ mq_mode);
1070 /* Include the original umask in our mask */
1071 umask(~mq_mode | old_mask);
1072 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1080 if (fstat(fd, &st) < 0) {
1085 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1086 st.st_uid != getuid() ||
1087 st.st_gid != getgid()) {
1101 static int socket_symlink(Socket *s) {
1107 p = socket_find_symlink_target(s);
1111 STRV_FOREACH(i, s->symlinks)
1117 static int socket_open_fds(Socket *s) {
1121 bool know_label = false;
1125 LIST_FOREACH(port, p, s->ports) {
1130 if (p->type == SOCKET_SOCKET) {
1134 r = socket_instantiate_service(s);
1138 if (UNIT_ISSET(s->service) &&
1139 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1140 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1141 if (r < 0 && r != -EPERM)
1148 r = socket_address_listen(
1150 SOCK_CLOEXEC|SOCK_NONBLOCK,
1163 socket_apply_socket_options(s, p->fd);
1166 } else if (p->type == SOCKET_SPECIAL) {
1168 r = special_address_create(
1174 } else if (p->type == SOCKET_FIFO) {
1176 r = fifo_address_create(
1184 socket_apply_fifo_options(s, p->fd);
1187 } else if (p->type == SOCKET_MQUEUE) {
1189 r = mq_address_create(
1198 assert_not_reached("Unknown port type");
1205 socket_close_fds(s);
1210 static void socket_unwatch_fds(Socket *s) {
1216 LIST_FOREACH(port, p, s->ports) {
1220 if (!p->event_source)
1223 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1225 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1229 static int socket_watch_fds(Socket *s) {
1235 LIST_FOREACH(port, p, s->ports) {
1239 if (p->event_source)
1240 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1242 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1245 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1253 socket_unwatch_fds(s);
1257 static void socket_set_state(Socket *s, SocketState state) {
1258 SocketState old_state;
1261 old_state = s->state;
1269 SOCKET_STOP_PRE_SIGTERM,
1270 SOCKET_STOP_PRE_SIGKILL,
1272 SOCKET_FINAL_SIGTERM,
1273 SOCKET_FINAL_SIGKILL)) {
1275 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1276 socket_unwatch_control_pid(s);
1277 s->control_command = NULL;
1278 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1281 if (state != SOCKET_LISTENING)
1282 socket_unwatch_fds(s);
1290 SOCKET_STOP_PRE_SIGTERM,
1291 SOCKET_STOP_PRE_SIGKILL))
1292 socket_close_fds(s);
1294 if (state != old_state)
1295 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1296 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1298 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1301 static int socket_coldplug(Unit *u) {
1302 Socket *s = SOCKET(u);
1306 assert(s->state == SOCKET_DEAD);
1308 if (s->deserialized_state == s->state)
1311 if (IN_SET(s->deserialized_state,
1316 SOCKET_STOP_PRE_SIGTERM,
1317 SOCKET_STOP_PRE_SIGKILL,
1319 SOCKET_FINAL_SIGTERM,
1320 SOCKET_FINAL_SIGKILL)) {
1322 if (s->control_pid <= 0)
1325 r = unit_watch_pid(UNIT(s), s->control_pid);
1329 r = socket_arm_timer(s);
1334 if (IN_SET(s->deserialized_state,
1340 SOCKET_STOP_PRE_SIGTERM,
1341 SOCKET_STOP_PRE_SIGKILL)) {
1342 r = socket_open_fds(s);
1347 if (s->deserialized_state == SOCKET_LISTENING) {
1348 r = socket_watch_fds(s);
1353 socket_set_state(s, s->deserialized_state);
1357 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1358 _cleanup_free_ char **argv = NULL;
1361 ExecParameters exec_params = {
1362 .apply_permissions = true,
1363 .apply_chroot = true,
1364 .apply_tty_stdin = true,
1371 unit_realize_cgroup(UNIT(s));
1373 r = unit_setup_exec_runtime(UNIT(s));
1377 r = socket_arm_timer(s);
1381 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1385 exec_params.argv = argv;
1386 exec_params.environment = UNIT(s)->manager->environment;
1387 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1388 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1389 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1390 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1391 exec_params.unit_id = UNIT(s)->id;
1401 r = unit_watch_pid(UNIT(s), pid);
1403 /* FIXME: we need to do something here */
1410 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1414 static int socket_chown(Socket *s, pid_t *_pid) {
1418 r = socket_arm_timer(s);
1422 /* We have to resolve the user names out-of-process, hence
1423 * let's fork here. It's messy, but well, what can we do? */
1431 uid_t uid = (uid_t) -1;
1432 gid_t gid = (gid_t) -1;
1435 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1436 ignore_signals(SIGPIPE, -1);
1439 if (!isempty(s->user)) {
1440 const char *user = s->user;
1442 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1449 if (!isempty(s->group)) {
1450 const char *group = s->group;
1452 r = get_group_creds(&group, &gid);
1459 LIST_FOREACH(port, p, s->ports) {
1460 const char *path = NULL;
1462 if (p->type == SOCKET_SOCKET)
1463 path = socket_address_get_path(&p->address);
1464 else if (p->type == SOCKET_FIFO)
1470 if (chown(path, uid, gid) < 0) {
1481 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1486 r = unit_watch_pid(UNIT(s), pid);
1494 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1498 static void socket_enter_dead(Socket *s, SocketResult f) {
1501 if (f != SOCKET_SUCCESS)
1504 exec_runtime_destroy(s->exec_runtime);
1505 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1507 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1509 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1512 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1514 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1518 if (f != SOCKET_SUCCESS)
1521 socket_unwatch_control_pid(s);
1522 s->control_command_id = SOCKET_EXEC_STOP_POST;
1523 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1525 if (s->control_command) {
1526 r = socket_spawn(s, s->control_command, &s->control_pid);
1530 socket_set_state(s, SOCKET_STOP_POST);
1532 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1537 log_warning_unit(UNIT(s)->id,
1538 "%s failed to run 'stop-post' task: %s",
1539 UNIT(s)->id, strerror(-r));
1540 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1543 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1548 if (f != SOCKET_SUCCESS)
1551 r = unit_kill_context(
1554 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1562 r = socket_arm_timer(s);
1566 socket_set_state(s, state);
1567 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1568 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1569 else if (state == SOCKET_STOP_PRE_SIGKILL)
1570 socket_enter_stop_post(s, SOCKET_SUCCESS);
1571 else if (state == SOCKET_FINAL_SIGTERM)
1572 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1574 socket_enter_dead(s, SOCKET_SUCCESS);
1579 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1581 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1582 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1584 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1587 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1591 if (f != SOCKET_SUCCESS)
1594 socket_unwatch_control_pid(s);
1595 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1596 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1598 if (s->control_command) {
1599 r = socket_spawn(s, s->control_command, &s->control_pid);
1603 socket_set_state(s, SOCKET_STOP_PRE);
1605 socket_enter_stop_post(s, SOCKET_SUCCESS);
1610 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1611 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1614 static void socket_enter_listening(Socket *s) {
1618 r = socket_watch_fds(s);
1620 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1624 socket_set_state(s, SOCKET_LISTENING);
1628 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1631 static void socket_enter_start_post(Socket *s) {
1635 socket_unwatch_control_pid(s);
1636 s->control_command_id = SOCKET_EXEC_START_POST;
1637 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1639 if (s->control_command) {
1640 r = socket_spawn(s, s->control_command, &s->control_pid);
1642 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1646 socket_set_state(s, SOCKET_START_POST);
1648 socket_enter_listening(s);
1653 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1656 static void socket_enter_start_chown(Socket *s) {
1661 r = socket_open_fds(s);
1663 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1667 if (!isempty(s->user) || !isempty(s->group)) {
1669 socket_unwatch_control_pid(s);
1670 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1671 s->control_command = NULL;
1673 r = socket_chown(s, &s->control_pid);
1675 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1679 socket_set_state(s, SOCKET_START_CHOWN);
1681 socket_enter_start_post(s);
1686 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689 static void socket_enter_start_pre(Socket *s) {
1693 socket_unwatch_control_pid(s);
1694 s->control_command_id = SOCKET_EXEC_START_PRE;
1695 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1697 if (s->control_command) {
1698 r = socket_spawn(s, s->control_command, &s->control_pid);
1700 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1704 socket_set_state(s, SOCKET_START_PRE);
1706 socket_enter_start_chown(s);
1711 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1714 static void socket_enter_running(Socket *s, int cfd) {
1715 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1720 /* We don't take connections anymore if we are supposed to
1721 * shut down anyway */
1722 if (unit_stop_pending(UNIT(s))) {
1724 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1729 /* Flush all sockets by closing and reopening them */
1730 socket_close_fds(s);
1732 r = socket_open_fds(s);
1734 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1735 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1739 r = socket_watch_fds(s);
1741 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1742 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1752 bool pending = false;
1754 /* If there's already a start pending don't bother to
1756 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1757 if (unit_active_or_pending(other)) {
1763 if (!UNIT_ISSET(s->service)) {
1764 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1769 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1774 socket_set_state(s, SOCKET_RUNNING);
1776 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1779 if (s->n_connections >= s->max_connections) {
1780 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1785 r = socket_instantiate_service(s);
1789 r = instance_from_socket(cfd, s->n_accepted, &instance);
1794 /* ENOTCONN is legitimate if TCP RST was received.
1795 * This connection is over, but the socket unit lives on. */
1800 prefix = unit_name_to_prefix(UNIT(s)->id);
1806 name = unit_name_build(prefix, instance, ".service");
1812 r = unit_add_name(UNIT_DEREF(s->service), name);
1816 service = SERVICE(UNIT_DEREF(s->service));
1817 unit_ref_unset(&s->service);
1820 UNIT(service)->no_gc = false;
1822 unit_choose_id(UNIT(service), name);
1824 r = service_set_socket_fd(service, cfd, s);
1829 s->n_connections ++;
1831 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1835 /* Notify clients about changed counters */
1836 unit_add_to_dbus_queue(UNIT(s));
1842 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1843 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1844 bus_error_message(&error, r));
1846 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1850 static void socket_run_next(Socket *s) {
1854 assert(s->control_command);
1855 assert(s->control_command->command_next);
1857 socket_unwatch_control_pid(s);
1859 s->control_command = s->control_command->command_next;
1861 r = socket_spawn(s, s->control_command, &s->control_pid);
1868 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1870 if (s->state == SOCKET_START_POST)
1871 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1872 else if (s->state == SOCKET_STOP_POST)
1873 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1875 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1878 static int socket_start(Unit *u) {
1879 Socket *s = SOCKET(u);
1883 /* We cannot fulfill this request right now, try again later
1885 if (IN_SET(s->state,
1887 SOCKET_STOP_PRE_SIGKILL,
1888 SOCKET_STOP_PRE_SIGTERM,
1890 SOCKET_FINAL_SIGTERM,
1891 SOCKET_FINAL_SIGKILL))
1894 /* Already on it! */
1895 if (IN_SET(s->state,
1901 /* Cannot run this without the service being around */
1902 if (UNIT_ISSET(s->service)) {
1905 service = SERVICE(UNIT_DEREF(s->service));
1907 if (UNIT(service)->load_state != UNIT_LOADED) {
1908 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1912 /* If the service is already active we cannot start the
1914 if (service->state != SERVICE_DEAD &&
1915 service->state != SERVICE_FAILED &&
1916 service->state != SERVICE_AUTO_RESTART) {
1917 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1922 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1924 s->result = SOCKET_SUCCESS;
1925 socket_enter_start_pre(s);
1930 static int socket_stop(Unit *u) {
1931 Socket *s = SOCKET(u);
1936 if (IN_SET(s->state,
1938 SOCKET_STOP_PRE_SIGTERM,
1939 SOCKET_STOP_PRE_SIGKILL,
1941 SOCKET_FINAL_SIGTERM,
1942 SOCKET_FINAL_SIGKILL))
1945 /* If there's already something running we go directly into
1947 if (IN_SET(s->state,
1950 SOCKET_START_POST)) {
1951 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1955 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1957 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1961 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1962 Socket *s = SOCKET(u);
1970 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1971 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1972 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1974 if (s->control_pid > 0)
1975 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1977 if (s->control_command_id >= 0)
1978 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1980 LIST_FOREACH(port, p, s->ports) {
1986 copy = fdset_put_dup(fds, p->fd);
1990 if (p->type == SOCKET_SOCKET) {
1991 _cleanup_free_ char *t = NULL;
1993 r = socket_address_print(&p->address, &t);
1997 if (socket_address_family(&p->address) == AF_NETLINK)
1998 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2000 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2002 } else if (p->type == SOCKET_SPECIAL)
2003 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2004 else if (p->type == SOCKET_MQUEUE)
2005 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2007 assert(p->type == SOCKET_FIFO);
2008 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2015 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2016 Socket *s = SOCKET(u);
2022 if (streq(key, "state")) {
2025 state = socket_state_from_string(value);
2027 log_debug_unit(u->id, "Failed to parse state value %s", value);
2029 s->deserialized_state = state;
2030 } else if (streq(key, "result")) {
2033 f = socket_result_from_string(value);
2035 log_debug_unit(u->id, "Failed to parse result value %s", value);
2036 else if (f != SOCKET_SUCCESS)
2039 } else if (streq(key, "n-accepted")) {
2042 if (safe_atou(value, &k) < 0)
2043 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2046 } else if (streq(key, "control-pid")) {
2049 if (parse_pid(value, &pid) < 0)
2050 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2052 s->control_pid = pid;
2053 } else if (streq(key, "control-command")) {
2054 SocketExecCommand id;
2056 id = socket_exec_command_from_string(value);
2058 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2060 s->control_command_id = id;
2061 s->control_command = s->exec_command[id];
2063 } else if (streq(key, "fifo")) {
2067 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2068 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2071 LIST_FOREACH(port, p, s->ports)
2072 if (p->type == SOCKET_FIFO &&
2073 streq_ptr(p->path, value+skip))
2078 p->fd = fdset_remove(fds, fd);
2082 } else if (streq(key, "special")) {
2086 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2087 log_debug_unit(u->id, "Failed to parse special value %s", value);
2090 LIST_FOREACH(port, p, s->ports)
2091 if (p->type == SOCKET_SPECIAL &&
2092 streq_ptr(p->path, value+skip))
2097 p->fd = fdset_remove(fds, fd);
2101 } else if (streq(key, "mqueue")) {
2105 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2106 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2109 LIST_FOREACH(port, p, s->ports)
2110 if (p->type == SOCKET_MQUEUE &&
2111 streq_ptr(p->path, value+skip))
2116 p->fd = fdset_remove(fds, fd);
2120 } else if (streq(key, "socket")) {
2121 int fd, type, skip = 0;
2124 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2125 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2128 LIST_FOREACH(port, p, s->ports)
2129 if (socket_address_is(&p->address, value+skip, type))
2134 p->fd = fdset_remove(fds, fd);
2138 } else if (streq(key, "netlink")) {
2142 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2143 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2146 LIST_FOREACH(port, p, s->ports)
2147 if (socket_address_is_netlink(&p->address, value+skip))
2152 p->fd = fdset_remove(fds, fd);
2156 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2161 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2162 Socket *s = SOCKET(u);
2167 LIST_FOREACH(port, p, s->ports) {
2171 if (p->type != SOCKET_SOCKET)
2177 FDSET_FOREACH(fd, fds, i) {
2178 if (socket_address_matches_fd(&p->address, fd)) {
2179 p->fd = fdset_remove(fds, fd);
2180 s->deserialized_state = SOCKET_LISTENING;
2189 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2192 return state_translation_table[SOCKET(u)->state];
2195 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2198 return socket_state_to_string(SOCKET(u)->state);
2201 const char* socket_port_type_to_string(SocketPort *p) {
2209 switch (p->address.type) {
2217 case SOCK_SEQPACKET:
2218 return "SequentialPacket";
2221 if (socket_address_family(&p->address) == AF_NETLINK)
2228 case SOCKET_SPECIAL:
2232 return "MessageQueue";
2242 _pure_ static bool socket_check_gc(Unit *u) {
2243 Socket *s = SOCKET(u);
2247 return s->n_connections > 0;
2250 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2251 SocketPort *p = userdata;
2257 if (p->socket->state != SOCKET_LISTENING)
2260 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2262 if (revents != EPOLLIN) {
2264 if (revents & EPOLLHUP)
2265 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2266 UNIT(p->socket)->id);
2268 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2269 UNIT(p->socket)->id, revents);
2274 if (p->socket->accept &&
2275 p->type == SOCKET_SOCKET &&
2276 socket_address_can_accept(&p->address)) {
2280 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2286 log_error_unit(UNIT(p->socket)->id,
2287 "Failed to accept socket: %m");
2294 socket_apply_socket_options(p->socket, cfd);
2297 socket_enter_running(p->socket, cfd);
2301 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2305 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2306 Socket *s = SOCKET(u);
2312 if (pid != s->control_pid)
2317 if (is_clean_exit(code, status, NULL))
2319 else if (code == CLD_EXITED)
2320 f = SOCKET_FAILURE_EXIT_CODE;
2321 else if (code == CLD_KILLED)
2322 f = SOCKET_FAILURE_SIGNAL;
2323 else if (code == CLD_DUMPED)
2324 f = SOCKET_FAILURE_CORE_DUMP;
2326 assert_not_reached("Unknown sigchld code");
2328 if (s->control_command) {
2329 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2331 if (s->control_command->ignore)
2335 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2337 "%s control process exited, code=%s status=%i",
2338 u->id, sigchld_code_to_string(code), status);
2340 if (f != SOCKET_SUCCESS)
2343 if (s->control_command &&
2344 s->control_command->command_next &&
2345 f == SOCKET_SUCCESS) {
2347 log_debug_unit(u->id,
2348 "%s running next command for state %s",
2349 u->id, socket_state_to_string(s->state));
2352 s->control_command = NULL;
2353 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2355 /* No further commands for this step, so let's figure
2356 * out what to do next */
2358 log_debug_unit(u->id,
2359 "%s got final SIGCHLD for state %s",
2360 u->id, socket_state_to_string(s->state));
2364 case SOCKET_START_PRE:
2365 if (f == SOCKET_SUCCESS)
2366 socket_enter_start_chown(s);
2368 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2371 case SOCKET_START_CHOWN:
2372 if (f == SOCKET_SUCCESS)
2373 socket_enter_start_post(s);
2375 socket_enter_stop_pre(s, f);
2378 case SOCKET_START_POST:
2379 if (f == SOCKET_SUCCESS)
2380 socket_enter_listening(s);
2382 socket_enter_stop_pre(s, f);
2385 case SOCKET_STOP_PRE:
2386 case SOCKET_STOP_PRE_SIGTERM:
2387 case SOCKET_STOP_PRE_SIGKILL:
2388 socket_enter_stop_post(s, f);
2391 case SOCKET_STOP_POST:
2392 case SOCKET_FINAL_SIGTERM:
2393 case SOCKET_FINAL_SIGKILL:
2394 socket_enter_dead(s, f);
2398 assert_not_reached("Uh, control process died at wrong time.");
2402 /* Notify clients about changed exit status */
2403 unit_add_to_dbus_queue(u);
2406 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2407 Socket *s = SOCKET(userdata);
2410 assert(s->timer_event_source == source);
2414 case SOCKET_START_PRE:
2415 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2416 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2419 case SOCKET_START_CHOWN:
2420 case SOCKET_START_POST:
2421 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2422 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2425 case SOCKET_STOP_PRE:
2426 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2427 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2430 case SOCKET_STOP_PRE_SIGTERM:
2431 if (s->kill_context.send_sigkill) {
2432 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2433 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2435 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2436 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2440 case SOCKET_STOP_PRE_SIGKILL:
2441 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2442 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2445 case SOCKET_STOP_POST:
2446 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2447 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2450 case SOCKET_FINAL_SIGTERM:
2451 if (s->kill_context.send_sigkill) {
2452 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2453 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2455 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2456 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2460 case SOCKET_FINAL_SIGKILL:
2461 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2462 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2466 assert_not_reached("Timeout at wrong time.");
2472 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2481 /* Called from the service code for requesting our fds */
2484 LIST_FOREACH(port, p, s->ports)
2494 if (!(rfds = new(int, rn_fds)))
2498 LIST_FOREACH(port, p, s->ports)
2502 assert(k == rn_fds);
2510 static void socket_reset_failed(Unit *u) {
2511 Socket *s = SOCKET(u);
2515 if (s->state == SOCKET_FAILED)
2516 socket_set_state(s, SOCKET_DEAD);
2518 s->result = SOCKET_SUCCESS;
2521 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2524 /* The service is dead. Dang!
2526 * This is strictly for one-instance-for-all-connections
2529 if (s->state == SOCKET_RUNNING) {
2530 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2531 if (failed_permanent)
2532 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2534 socket_enter_listening(s);
2538 void socket_connection_unref(Socket *s) {
2541 /* The service is dead. Yay!
2543 * This is strictly for one-instance-per-connection
2546 assert(s->n_connections > 0);
2549 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2552 static void socket_trigger_notify(Unit *u, Unit *other) {
2553 Socket *s = SOCKET(u);
2559 /* Don't propagate state changes from the service if we are
2560 already down or accepting connections */
2561 if ((s->state != SOCKET_RUNNING &&
2562 s->state != SOCKET_LISTENING) ||
2566 if (other->load_state != UNIT_LOADED ||
2567 other->type != UNIT_SERVICE)
2570 se = SERVICE(other);
2572 if (se->state == SERVICE_FAILED)
2573 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2575 if (se->state == SERVICE_DEAD ||
2576 se->state == SERVICE_STOP ||
2577 se->state == SERVICE_STOP_SIGTERM ||
2578 se->state == SERVICE_STOP_SIGKILL ||
2579 se->state == SERVICE_STOP_POST ||
2580 se->state == SERVICE_FINAL_SIGTERM ||
2581 se->state == SERVICE_FINAL_SIGKILL ||
2582 se->state == SERVICE_AUTO_RESTART)
2583 socket_notify_service_dead(s, false);
2585 if (se->state == SERVICE_RUNNING)
2586 socket_set_state(s, SOCKET_RUNNING);
2589 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2590 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2593 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2594 Socket *s = SOCKET(u);
2597 if (!s->timer_event_source)
2600 r = sd_event_source_get_time(s->timer_event_source, timeout);
2607 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2608 [SOCKET_DEAD] = "dead",
2609 [SOCKET_START_PRE] = "start-pre",
2610 [SOCKET_START_CHOWN] = "start-chown",
2611 [SOCKET_START_POST] = "start-post",
2612 [SOCKET_LISTENING] = "listening",
2613 [SOCKET_RUNNING] = "running",
2614 [SOCKET_STOP_PRE] = "stop-pre",
2615 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2616 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2617 [SOCKET_STOP_POST] = "stop-post",
2618 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2619 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2620 [SOCKET_FAILED] = "failed"
2623 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2625 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2626 [SOCKET_EXEC_START_PRE] = "StartPre",
2627 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2628 [SOCKET_EXEC_START_POST] = "StartPost",
2629 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2630 [SOCKET_EXEC_STOP_POST] = "StopPost"
2633 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2635 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2636 [SOCKET_SUCCESS] = "success",
2637 [SOCKET_FAILURE_RESOURCES] = "resources",
2638 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2639 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2640 [SOCKET_FAILURE_SIGNAL] = "signal",
2641 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2642 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2645 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2647 const UnitVTable socket_vtable = {
2648 .object_size = sizeof(Socket),
2649 .exec_context_offset = offsetof(Socket, exec_context),
2650 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2651 .kill_context_offset = offsetof(Socket, kill_context),
2652 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2658 .private_section = "Socket",
2660 .init = socket_init,
2661 .done = socket_done,
2662 .load = socket_load,
2664 .coldplug = socket_coldplug,
2666 .dump = socket_dump,
2668 .start = socket_start,
2669 .stop = socket_stop,
2671 .kill = socket_kill,
2673 .get_timeout = socket_get_timeout,
2675 .serialize = socket_serialize,
2676 .deserialize_item = socket_deserialize_item,
2677 .distribute_fds = socket_distribute_fds,
2679 .active_state = socket_active_state,
2680 .sub_state_to_string = socket_sub_state_to_string,
2682 .check_gc = socket_check_gc,
2684 .sigchld_event = socket_sigchld_event,
2686 .trigger_notify = socket_trigger_notify,
2688 .reset_failed = socket_reset_failed,
2690 .bus_interface = "org.freedesktop.systemd1.Socket",
2691 .bus_vtable = bus_socket_vtable,
2692 .bus_set_property = bus_socket_set_property,
2693 .bus_commit_properties = bus_socket_commit_properties,
2695 .status_message_formats = {
2696 /*.starting_stopping = {
2697 [0] = "Starting socket %s...",
2698 [1] = "Stopping socket %s...",
2700 .finished_start_job = {
2701 [JOB_DONE] = "Listening on %s.",
2702 [JOB_FAILED] = "Failed to listen on %s.",
2703 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2704 [JOB_TIMEOUT] = "Timed out starting %s.",
2706 .finished_stop_job = {
2707 [JOB_DONE] = "Closed %s.",
2708 [JOB_FAILED] = "Failed stopping %s.",
2709 [JOB_TIMEOUT] = "Timed out stopping %s.",